Uploaded image for project: 'IMPALA'
  1. IMPALA
  2. IMPALA-5582

Sentry privileges assigned to objects defined in upper case can get deleted from the catalog

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: Impala 2.9.0
    • Fix Version/s: Impala 2.10.0
    • Component/s: Catalog
    • Labels:
      None
    • Epic Color:
      ghx-label-3

      Description

      Steps to recreate -

      create database xbase1;
      create database xbase2;
      create role xrole;
      grant select on database XBASE1 to role xrole;
      grant select on database XBASE2 to role xrole;
      show grant role xrole;
      
      Impala:
      > show grant role xrole;
      Query: show grant role xrole
      +----------+----------+-------+--------+-----+-----------+--------------+-------------+
      | scope | database | table | column | uri | privilege | grant_option | create_time |
      +----------+----------+-------+--------+-----+-----------+--------------+-------------+
      | DATABASE | XBASE1 | | | | SELECT | false | NULL |
      | DATABASE | XBASE2 | | | | SELECT | false | NULL |
      +----------+----------+-------+--------+-----+-----------+--------------+-------------+
      Fetched 2 row(s) in 0.08s
      
      - Wait one minute and repeat
      
      > show grant role xrole;
      Query: show grant role xrole
      +----------+----------+-------+--------+-----+-----------+--------------+-------------------------------+
      | scope | database | table | column | uri | privilege | grant_option | create_time |
      +----------+----------+-------+--------+-----+-----------+--------------+-------------------------------+
      | DATABASE | xbase2 | | | | SELECT | false | Thu, Jun 08 2017 12:10:31.159 |
      +----------+----------+-------+--------+-----+-----------+--------------+-------------------------------+
      Fetched 1 row(s) in 0.07s
      

      Catalog logs -

      I0626 11:43:51.265414 16261 AuthorizationPolicy.java:120] Adding privilege: server=server1->db=xbase2->action=SELECT role ID: 2
      I0626 11:43:51.265466 16261 AuthorizationPolicy.java:129] Adding privilege: server=server1->db=xbase2->action=SELECT to role: xroleID: 2
      I0626 11:43:51.265539 16261 AuthorizationPolicy.java:120] Adding privilege: server=server1->db=xbase1->action=SELECT role ID: 2
      I0626 11:43:51.265576 16261 AuthorizationPolicy.java:129] Adding privilege: server=server1->db=xbase1->action=SELECT to role: xroleID: 2
      I0626 11:43:51.791312 16267 catalog-server.cc:320] Publishing update: PRIVILEGE:2.server=server1->db=xbase2->action=SELECT@1128
      I0626 11:43:51.791333 16267 catalog-server.cc:320] Publishing update: PRIVILEGE:2.server=server1->db=xbase1->action=SELECT@1129
      I0626 11:43:51.791352 16267 catalog-server.cc:320] Publishing update: CATALOG:64ff2a46cb8f4014:a57cd5975d2b7298@1129
      I0626 11:43:51.791355 16267 catalog-server.cc:339] Publishing deletion: PRIVILEGE:2.server=server1->db=XBASE1->action=SELECT
      I0626 11:43:51.791357 16267 catalog-server.cc:339] Publishing deletion: PRIVILEGE:2.server=server1->db=XBASE2->action=SELECT
      

        Attachments

          Activity

            People

            • Assignee:
              anujphadke Anuj Phadke
              Reporter:
              anujphadke Anuj Phadke
            • Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: